Published: Sat, February 09, 2019
Electronics | By Kelly Massey

Popular iPhone apps secretly record users’ screens without permission

Popular iPhone apps secretly record users’ screens without permission

"Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity". This means that there is absolutely no way the user can know their screen is being recorded by an app.

In a recent tweet, Glassbox boasts about signing a deal with Air Canada, one of the apps TechCrunch has found to be among the worst offenders.

As for Apple, it's baffling that the company doesn't have restrictions against this kind of tech-or at least forced notifications alerting users when an app is using analytics technology to secretly record a user's screen. While they may provide a useful service to app makers by helping fine-tune their products, it isn't a great look that those apps aren't disclosing to their users that they're snapping screenshots of their every move.

Some companies sent the captured data to Glassbox, while others sent it to servers in their own domain, according to TechCrunch. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn't work or if there was an error.

The recordings are made to see user behavior within a certain app.

As TechCrunch notes, The App Analyst recently demonstrates that Air Canada wasn't properly "masking" session replays, exposing credit card details and passport numbers to people who replayed the session. Some of these apps properly mask that sensitive information before sending them off to remote servers.

Top trainer gets four-year ban
Weir could not offer an explanation on their discovery. "You are a 48-year-old man who completed a rags to riches rise in the racing world", Bowman told Weir.

Last August, Air Canada alerted mobile users 20,000 profiles "potentially have been improperly accessed," asking all 1.7 million users to reset their passwords.

Earlier, the apps tend to record the cookies, user data for the sake of analytics and monetization. While collecting user data purely for creating better apps makes sense, it's also important that users are aware how much of their sensitive data could be escaping their device. When you're using an app like Air Canada, Hollister, or Expedia, that app can monitor everything you tap and swipe in the app itself.

However, Abercrombie said that using Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience", according to 9to5Mac.

Abercrombie confirmed that it uses Glassbox but the company's privacy policy makes no mention of session replays, reports TechCrunch. In Air Canada's case, the TechCrunch investigation did not find any mention in its privacy policy that suggests the app sends screen data back to the airline.

Additionally, the company said that "captured data via our solution is highly secured, encrypted, and exclusively belongs to the customers we support".

Like this: